[Secure-testing-commits] r46220 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Nov 15 21:10:12 UTC 2016
Author: sectracker
Date: 2016-11-15 21:10:12 +0000 (Tue, 15 Nov 2016)
New Revision: 46220
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-15 19:53:53 UTC (rev 46219)
+++ data/CVE/list 2016-11-15 21:10:12 UTC (rev 46220)
@@ -1,3 +1,89 @@
+CVE-2016-9321
+ RESERVED
+CVE-2016-9320
+ RESERVED
+CVE-2016-9319
+ RESERVED
+CVE-2016-9318
+ RESERVED
+CVE-2016-9317
+ RESERVED
+CVE-2016-9316
+ RESERVED
+CVE-2016-9315
+ RESERVED
+CVE-2016-9314
+ RESERVED
+CVE-2016-9313
+ RESERVED
+CVE-2016-9312
+ RESERVED
+CVE-2016-9311
+ RESERVED
+CVE-2016-9310
+ RESERVED
+CVE-2016-9309
+ RESERVED
+CVE-2016-9308
+ RESERVED
+CVE-2016-9307
+ RESERVED
+CVE-2016-9306
+ RESERVED
+CVE-2016-9305
+ RESERVED
+CVE-2016-9304
+ RESERVED
+CVE-2016-9303
+ RESERVED
+CVE-2016-9295
+ RESERVED
+CVE-2016-9293
+ RESERVED
+CVE-2016-9292
+ RESERVED
+CVE-2016-9291
+ RESERVED
+CVE-2016-9290
+ RESERVED
+CVE-2016-9289
+ RESERVED
+CVE-2016-9288 (In framework/modules/navigation/controllers/navigationController.php in ...)
+ TODO: check
+CVE-2016-9287 (In /framework/modules/notfound/controllers/notfoundController.php of ...)
+ TODO: check
+CVE-2016-9286 (framework/modules/users/controllers/usersController.php in Exponent CMS ...)
+ TODO: check
+CVE-2016-9285 (framework/modules/addressbook/controllers/addressController.php in ...)
+ TODO: check
+CVE-2016-9284 (getUsersByJSON in ...)
+ TODO: check
+CVE-2016-9283 (SQL Injection in framework/core/subsystems/expRouter.php in Exponent ...)
+ TODO: check
+CVE-2016-9282 (SQL Injection in ...)
+ TODO: check
+CVE-2016-9281
+ RESERVED
+CVE-2016-9280
+ RESERVED
+CVE-2016-9277 (Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note ...)
+ TODO: check
+CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows local ...)
+ TODO: check
+CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with ...)
+ TODO: check
+CVE-2016-9271
+ RESERVED
+CVE-2016-9270
+ RESERVED
+CVE-2016-9269
+ RESERVED
+CVE-2016-9268 (Unrestricted file upload vulnerability in the Blog appearance in the ...)
+ TODO: check
+CVE-2016-9267
+ RESERVED
+CVE-2016-9263
+ RESERVED
CVE-2016-XXXX [gstreamer 0.10 NSF code execution]
- gst-plugins-bad0.10 <removed>
[jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u1
@@ -4,22 +90,28 @@
NOTE: Workaround entry for DSA-3713-1 until CVE is assigned
NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
CVE-2016-9299 [jenkins: unauthenticated remote code execution]
+ RESERVED
- jenkins <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/4
CVE-2016-9298 [heap overflow in WaveletDenoiseImage()]
+ RESERVED
- imagemagick <unfixed> (bug #844211)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/296
NOTE: http://www.openwall.com/lists/oss-security/2016/11/13/1
CVE-2016-9300 [maradns: remote crash bug in MaraDNS 2.0.13 js_readuint16]
+ RESERVED
- maradns <unfixed> (bug #844121)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
CVE-2016-9301 [maradns: remote crash bug in MaraDNS 2.0.13 js_substr]
+ RESERVED
- maradns <unfixed> (bug #844121)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
CVE-2016-9302 [maradns: remote crash bug in MaraDNS 2.0.13 process_query]
+ RESERVED
- maradns <unfixed> (bug #844121)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
CVE-2016-9297 [libtiff/tif_dirread.c read outside buffer in _TIFFPrintField()]
+ RESERVED
- tiff <unfixed> (bug #844226)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
@@ -28,24 +120,28 @@
[jessie] - tiff <no-dsa> (Minor issue)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/11/11/14
-CVE-2016-9296 [Null pointer dereference in 7zIn.cpp]
+CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
- p7zip <unfixed> (bug #844344)
[jessie] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
[wheezy] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
NOTE: https://sourceforge.net/p/p7zip/bugs/185/
-CVE-2016-9294
+CVE-2016-9294 (Artifex Software, Inc. MuJS before ...)
NOT-FOR-US: MuJS
CVE-2016-9279
+ RESERVED
NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9278
+ RESERVED
NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9276 [heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)]
+ RESERVED
- dwarfutils <unfixed> (bug #844011)
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c
NOTE: Same commit as for CVE-2016-9275. Needs the dwarf_arange.c part of the commit.
CVE-2016-9275 [heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c)]
+ RESERVED
- dwarfutils <unfixed> (bug #844012)
[jessie] - dwarfutils <not-affected> (Vulnerable code not present)
[wheezy] - dwarfutils <not-affected> (Vulnerable code not present)
@@ -53,6 +149,7 @@
NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c
NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part of the commit.
CVE-2016-9273 [libtiff heap overflow]
+ RESERVED
- tiff <unfixed> (bug #844013)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
NOTE: http://www.openwall.com/lists/oss-security/2016/11/09/20
@@ -73,14 +170,17 @@
CVE-2017-0301
RESERVED
CVE-2016-9266 [left shift in listmp3.c]
+ RESERVED
- ming <unfixed> (bug #843928)
NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
NOTE: https://github.com/libming/libming/issues/53
CVE-2016-9265 [divide-by-zero in printMP3Headers (listmp3.c)]
+ RESERVED
- ming <unfixed> (bug #843928)
NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list
NOTE: https://github.com/libming/libming/issues/52
CVE-2016-9264 [global-buffer-overflow in printMP3Headers (listmp3.c)]
+ RESERVED
- ming <unfixed> (bug #843928)
NOTE: https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c
NOTE: https://github.com/libming/libming/issues/51
@@ -228,6 +328,7 @@
CVE-2016-9192
RESERVED
CVE-2015-8972 [user input buffer overflow]
+ RESERVED
- gnuchess 6.2.4-1 (unimportant)
NOTE: Built with hardening flags, no security impact
NOTE: http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html
@@ -443,6 +544,7 @@
RESERVED
CVE-2016-9119 [XSS in GUI editor's link dialogue]
RESERVED
+ {DSA-3715-1}
- moin <unfixed> (bug #844338)
NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of ...)
@@ -980,20 +1082,20 @@
NOTE: https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c
NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc
NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=842090;filename=libwmf-0.2.8.4-CVE-2016-9011-debian.patch;msg=10
-CVE-2016-8908
- RESERVED
-CVE-2016-8907
- RESERVED
-CVE-2016-8906
- RESERVED
-CVE-2016-8905
- RESERVED
-CVE-2016-8904
- RESERVED
-CVE-2016-8903
- RESERVED
-CVE-2016-8902
- RESERVED
+CVE-2016-8908 (SQL injection vulnerability in the "Site Browser > HTML pages" screen ...)
+ TODO: check
+CVE-2016-8907 (SQL injection vulnerability in the "Content Types > Content Types" ...)
+ TODO: check
+CVE-2016-8906 (SQL injection vulnerability in the "Site Browser > Links pages" screen ...)
+ TODO: check
+CVE-2016-8905 (SQL injection vulnerability in the JSONTags servlet in dotCMS before ...)
+ TODO: check
+CVE-2016-8904 (SQL injection vulnerability in the "Site Browser > Containers pages" ...)
+ TODO: check
+CVE-2016-8903 (SQL injection vulnerability in the "Site Browser > Templates pages" ...)
+ TODO: check
+CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in dotCMS ...)
+ TODO: check
CVE-2016-8901
RESERVED
CVE-2016-8900
@@ -5377,14 +5479,11 @@
RESERVED
CVE-2016-7491
RESERVED
-CVE-2016-7490
- RESERVED
+CVE-2016-7490 (The installation script studioexpressinstall for Teradata Studio ...)
NOT-FOR-US: Teradata Studio Express
-CVE-2016-7489
- RESERVED
+CVE-2016-7489 (Teradata Virtual Machine Community Edition v15.10's perl script ...)
NOT-FOR-US: Teradata Virtual Machine Community Edition
-CVE-2016-7488
- RESERVED
+CVE-2016-7488 (Teradata Virtual Machine Community Edition v15.10 has insecure file ...)
NOT-FOR-US: Teradata Virtual Machine Community Edition
CVE-2016-7487
RESERVED
@@ -6332,15 +6431,15 @@
CVE-2016-7149
RESERVED
NOT-FOR-US: b2evolution
-CVE-2016-7148 [XSS in AttachFile view (multifile related)]
- RESERVED
+CVE-2016-7148 (MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript ...)
+ {DSA-3715-1}
- moin <unfixed> (bug #844341)
NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/eceb70c41ecc
NOTE: https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
CVE-2016-7147
RESERVED
-CVE-2016-7146 [XSS in GUI editor's attachment dialogue]
- RESERVED
+CVE-2016-7146 (MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript ...)
+ {DSA-3715-1}
- moin <unfixed> (bug #844340)
NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/1563d6db198c
NOTE: https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
@@ -13453,8 +13552,7 @@
RESERVED
CVE-2016-5196
RESERVED
-CVE-2016-5195
- RESERVED
+CVE-2016-5195 (Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before ...)
{DSA-3696-1 DLA-670-1}
- linux 4.7.8-1
NOTE: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
@@ -16858,8 +16956,8 @@
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4096 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2016-4095
- RESERVED
+CVE-2016-4095 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+ TODO: check
CVE-2016-4094 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
More information about the Secure-testing-commits
mailing list